netfilter buglog - Oct 2006 - [Bug 524] packetfence - IPtables-save produces output that iptables-restore cannot parse

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=524





------- Additional Comments From kaber@trash.net  2006-10-17 09:57 MET -------
Works fine here with iptables 1.3.5 and 1.3.6:

-A POSTROUTING -j MARK --set-mark 0x0 

What command did you use do create the rule? Are you possibly running a 64bit
kernel with 32bit userspace?

-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=524





------- Additional Comments From kaber@trash.net  2006-10-17 09:57 MET -------
Works fine here with iptables 1.3.5 and 1.3.6:

-A POSTROUTING -j MARK --set-mark 0x0 

What command did you use do create the rule? Are you possibly running a 64bit
kernel with 32bit userspace?

-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=524





------- Additional Comments From bruce.rodger@strath.ac.uk  2006-10-17 12:34 MET
-------
Created an attachment (id=279)
 -->
(https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=279&action=view)
Output from iptables-save-v1.3.3 with problem at line 612


-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=524





------- Additional Comments From bruce.rodger@strath.ac.uk  2006-10-17 12:35 MET
-------
the rules are created within packetfence by various calls to IPTables::IPv4. A
full output from iptables-save (v1.3.x) is attached - the problem line is at
line 612. We have also seen "--set-mark" missing on some of the
subsequent
lines, although I cannot reproduce this at present.

This behaviour has been observed on 2 separate installations at our site, and by
at least one other person on the packetfence mailing list. In our case, it was
observed on both Fedora FC4 and Ubuntu 6.06, using the supplied default generic
SMP kernel, running on a HP DL380 dual processor box.

Full output from iptables-save attached.

Bruce.

-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=524





------- Additional Comments From kaber@trash.net  2006-10-17 12:54 MET -------
The problem seems the be the IPtables perl module. It somehow manages to create
a rule entry for version 1 (which has a new field which contains the operation)
without initializing this field. This causes iptables-save not to print an
operation. I suggest you report this to either the packetfence or the IPTables
perl module authors.

-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=524





------- Additional Comments From kaber@trash.net  2006-10-17 12:54 MET -------
The problem seems the be the IPtables perl module. It somehow manages to create
a rule entry for version 1 (which has a new field which contains the operation)
without initializing this field. This causes iptables-save not to print an
operation. I suggest you report this to either the packetfence or the IPTables
perl module authors.

-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.